Cyberspace Vulnerability Assessment/Hunter

Current as of January 24, 2019


The Cyberspace Vulnerability Assessment/Hunter (CVA/H) weapon system executes vulnerability, compliance, defense and non-technical assessments, best practice reviews, penetration testing and Hunter missions on Air Force and Department of Defense networks and systems. Hunter operations characterize and then eliminate threats for the purpose of mission assurance. The weapon system can perform defensive sorties world-wide via remote or on-site access. The CVA/H weapon system is operated by six active duty units located at Joint Base San Antonio-Lackland, Texas, and Scott Air Force Base, Illinois. Additionally, 12 Air National Guard units operate the weapon system at various locations across the United States. The Air Force Reserve operates a classic associate unit at Scott Air Force Base.


The CVA/H was developed by the former Air Force Information Operations Center, fielded to the then-688th Information Operations Wing in 2009 and officially designated a weapon system by the Chief of Staff of the Air Force in March 2013. Historically, vulnerability assessments were instrumental to mission assurance during Operations Enduring Freedom and Iraqi Freedom. As the complexity of threats to information systems grew and their impact to operations expanded, CVA/H was developed to increase defensive capability. CVA/H continues to provide mission assurance to our most important systems. Additionally, CVA/H now provides the ability to hunt adversaries in our networks and systems. The Hunter mission grew out of the change in defensive cyber strategy from "attempt to defend the whole network" to "mission assurance on the network," and provides an enabling capability to implement a robust defense-in-depth strategy. CVA/H has been employed in real-world operations since November 2010. Air Force Space Command declared CVA/H initially operational in June 2013 and fully operational in February 2016.


The CVA/H weapon system is designed to identify vulnerabilities and provide commanders with a comprehensive assessment of the risk of existing vulnerabilities on critical mission networks. It is functionally divided into a mobile platform used by operators to conduct missions on-site or remotely; a deployable sensor platform to gather and analyze data; and a garrison platform which provides the connectivity needed for remote operations as well as advanced analysis, testing, training and archiving capabilities. Additionally, the Hunter mission focuses on the capability to find, fix, track, target, engage and assess the advanced persistent threat. During active engagements, the CVA/H weapon system, in concert with other friendly network defense forces, provides Air Forces Cyber and combatant commanders a mobile precision protection capability to identify, pursue and mitigate cyberspace threats. The CVA/H weapon system can be armed with a variety of modular capability payloads optimized for specific defensive missions and designed to achieve specific effects in cyberspace. Each CVA/H crew is capable of conducting a range of assessments, to include vulnerability, compliance and penetration testing, along with analysis and characterization of data derived from these assessments. The weapon system payloads consist of commercial-off-the-shelf and government-off-the-shelf hardware and software, to include Linux and Windows operating systems loaded with customized vulnerability assessment tools.